Make off-line backups NOW.

A new, improved piece of malware that’s targeted at Windows users has entered the stage. It encrypts ALL of your Windows computer’s document files — .docs, spreadsheets, photos, etc. — as well as any files that it finds in your Dropbox or on your network’s shares, and demands a ransom to decrypt them. It overwrites your original unencrypted files with zeros. Here’s one sad CryptoLocker story.

CryptoLocker is nasty. It apparently propagates via phishing attacks: you know, those emails that contain a malicious link and/or attached file. Supposedly CryptoLocker is delivered by an email that looks like it’s from a legitimate company such as FedEx, UPS, a bank, or other business.

One bad feature of CryptoLocker is that it encrypts every file that it can find and gain write access to: this includes your backup files that reside on any online external drives. If it has a drive letter, its files will be encrypted by CryptoLocker. Here is a YouTube video clip of someone who paid the $300 ransom.

Malwarebytes documents CryptoLocker. The best protection is to use offline backup systems. Carbonite would be immune, as would offline tape backup systems.

Sophos has a good CryptoLocker page with video demo. It notes,

A Naked Security reader just commented that from a single infected computer, he was “faced with 14,786 encrypted files over local and mapped network drives.”

Backup system must include versioning

Let’s assume the worst: your files have been encrypted by CryptoLocker. To ensure that you can restore an unencrypted version of each file, your backup system should include a feature called versioning. You’ll need to select from a backup set that was done before CryptoLocker infected your computer . . . and these earlier versions must be stored off-line, or CryptoLocker will encrypt them, too!


Update, 6 Nov 2013: I’ve read that CryptoLocker is distributed via an emailed attachment. The attached file purports to be a PDF file. It is in fact an EXE file. When the victim clicks on the attached file, the attack begins.
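
The disguise described in this update, an attachment that claims to be a PDF but is really an EXE, can be checked mechanically by comparing the file name with the first bytes of the file. The sketch below is an added example, not code from this post or from any vendor it mentions; the extension lists, reason codes and sample attachments are constructed for illustration.

```python
import os

PDF_MAGIC = b"%PDF-"   # a real PDF carries this marker near the start of the file
EXE_MAGIC = b"MZ"      # DOS/PE header that begins every Windows .exe

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg"}


def classify_attachment(filename, data):
    """Return reason codes for a suspicious attachment (empty list = no finding)."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]   # ".pdf" in "invoice.pdf.exe"

    is_pe = data[:2] == EXE_MAGIC
    is_pdf = PDF_MAGIC in data[:1024]

    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if inner_ext in DOCUMENT_EXTS:
            # Explorer hides known extensions by default, so the user sees "invoice.pdf".
            reasons.append("double-extension")
    elif is_pe:
        # Name claims a document, content is a Windows program.
        reasons.append("pe-content-mismatch")
    if ext == ".pdf" and not is_pdf:
        reasons.append("not-a-pdf")
    return reasons


# Constructed sample attachments (header bytes only, not real files).
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
PDF_STUB = b"%PDF-1.4\n1 0 obj\n"
SAMPLES = [
    ("Invoice_1234.pdf.exe", PE_STUB),
    ("Invoice_1234.pdf", PE_STUB),
    ("statement.pdf", PDF_STUB),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        findings = classify_attachment(fname, blob)
        print(f"{fname:24} -> {', '.join(findings) or 'no finding'}")
```

A mail filter or help-desk script could quarantine any attachment for which the list is not empty.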

© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695


3 thoughts on “Make off-line backups NOW.”

    1. Yes, this ransomware is genuinely very bad news. Previous ransomware just claimed that the FBI or similar police agency had detected illegal behavior and demanded a ransom to keep you out of jail.

      CryptoLocker is much worse.

